Use Github Releases for hosting and fetching update files. Enables our fork of Atom to update in-app.

atom-community / atom

:atom: Community build of the hackable text editor

https://atom-community.github.io/

MIT License

734 stars 30 forks source link

Use Github Releases for hosting and fetching update files. Enables our fork of Atom to update in-app. #86

Open DeeDeeG opened 4 years ago

DeeDeeG commented 4 years ago

For Windows, see: https://github.com/Squirrel/Squirrel.Windows/blob/develop/docs/using/github.md

There are no separate docs files I could see for macOS, but here is the repo: https://github.com/Squirrel/Squirrel.Mac

DeeDeeG commented 4 years ago

We should look into some higher-level abstractions already available to do this kind of thing:

https://www.electronjs.org/docs/tutorial/updates#using-updateelectronjsorg
- Requires that we code sign our app, so this is sadly not an option for the time being.
https://www.electronjs.org/docs/tutorial/updates#deploying-an-update-server
- Depending on your needs, you can choose from one of these:
  - Hazel – Update server for private or open-source apps which can be deployed for free on ~~Now~~ Vercel. It pulls from GitHub Releases and leverages the power of GitHub's CDN.

DeeDeeG commented 4 years ago

Actually, I think the requirement to have signed apps is just so we don't get "this app is unauthorized" warnings, and so we don't have our updater stopped with a warning by the OS. (See this documentation.)

We won't get far attempting auto-updating without code signing. (I assume update.electronjs.org probably lets you use it without code signing, but then the users would have a very hard time actually installing the updates.)

Maybe we should disable auto-updating (which is basically broken on this fork until we code sign), and instead show users the GitHub Releases page URL.

For example: we could use the GitHub API, check for updates, and just display a URL to download the new version in "About Atom". And perhaps display a bubble notification instead of running the auto-update mechanism.

aminya commented 4 years ago

We will get this kind of error in the first installation, and it will happen again during updating. So I don't think codesign is a determining factor here.

DeeDeeG commented 4 years ago

I think seeing this kind of errors at all is an issue, right? Many users aren't technical enough to understand what the error means or why it's happening. And their antivirus quarantines the update file.

TRiggAtGM commented 2 years ago

I think seeing this kind of errors at all is an issue, right? Many users aren't technical enough to understand what the error means or why it's happening. And their antivirus quarantines the update file.

This will also be a significant issue for programmers working on work machines as most help desk teams will require only verified software be used, with proper signings for the purposes of auditing